K.S. Rajan (14
Dec 2011)"Breaking:
First Known Detection of Carrier IQ in Italy"

Carrier IQ: a potential spyware system installed into mobile
phones by telecom operators!!!
"[...] as a matter of fact [...] investigations have shown that
the Carrier IQ software is embedded on nearly every mobile phone
and operator, at least in the U.S where concerns of consumer
privacy led Massachusetts congressman Rep. Edward Markey to ask
the Federal Trade Commission to investigate the company over
concerns of consumer privacy."
"[...] the software “only” collects anonymized metrics data,
although there are hooks inside the code to events such as
keystrokes, possibly suggesting the implementation of this kind
of functionality for future versions."
"[...] it’s very important to note that it’s up to the carrier
to request that Samsung include that software on devices."

From
http://paulsparrows.wordpress.com/2011/12/12/breaking-first-known-detection-of-carrier-iq-in-italy/
, FYI,
David
Breaking: First Known Detection of Carrier IQ in Italy
December 12, 2011 Paolo Passeri Leave a comment Go to comments
I am proud to post here the first known detection in Italy of
the infamous Carrier IQ software!
As you will probably know, everything started on Nov. 28, on the
other side of the Atlantic, when Trevor Eckhart, an Android
developer posted a video on YouTube showing the hidden software
Carrier IQ interacting oddly with his mobile phone activity.
Eckhart subsequently alleged his keystrokes and data were being
collected without his permission.
Easily Predictable, speculation and accusations have immediately
begun, concerning the kind of data collected by Carrier IQ and
presumably transmitted to Wireless Mobile Operators: as a matter
of fact subsequent investigations have shown that the Carrier IQ
software is embedded on nearly every mobile phone and operator,
at least in the U.S where concerns of consumer privacy led
Massachusetts congressman Rep. Edward Markey to ask the Federal
Trade Commission to investigate the company over concerns of
consumer privacy.
But although many believed the software was logging keystrokes
and collecting sensitive data, a subsequent more reasonable
analysis carried on reversing the code, has shown a different
scenario: the software “only” collects anonymized metrics data,
although there are hooks inside the code to events such as
keystrokes, possibly suggesting the implementation of this kind
of functionality for future versions. Essentially the analysis
confirmed the content of a statement by the company which
attempted to clarify how information was being collected:

We measure and summarize performance of the
device to assist Operators in delivering better service.
While a few individuals have identified that
there is a great deal of information available to the Carrier IQ
software inside the handset, our software does not record, store
or transmit the contents of SMS messages, email, photographs,
audio or video. For example, we understand whether an SMS was
sent accurately, but do not record or transmit the content of
the SMS. We know which applications are draining your battery,
but do not capture the screen.

Nevertheless, since the clarifications did not mitigate the fact
that Carrier IQ is s a potential risk to user privacy, and users
may not choose to to disable it, As a consequence a bunch of
Class Actions lawsuits have been filed against the main handset
manufacturers and carriers including, besides the obvious
Carrier IQ, AT&T, Sprint Nextel, T-Mobile USA, HTC, Apple,
Samsung, and Motorola Mobility.
Of course European regulators could not remain indifferent, and
started immediately to investigate Carrier IQ. Germany’s
Bavarian State Authority for Data Protection was the first to
contact Apple, which publicly declared to have included Carrier
IQ in earlier version of iOS, with support ceased with iOS 5 and
completely removed for previous versions in future software
updates. The German Example has immediately been followed not
only by other regulators in the U.K., France, Ireland and
Italy, but also from organizations like BEUC, the European
Consumers’ Organisation that defend the users’ right to be told
how their data is used.
I was wondering if Europe’s concerns were exaggerated (since so
far the scandal seemed to be contained in the U.S.) until a
friend of mine decided to test one of the available Carrier IQ
detection tools on his Samsung Galaxy Tab, which was purchased
from 3, an Italian Mobile Operator belonging to the H3G Giant.
Of course the results are shown above: the tool detected the
Carrier IQ software in an inactive state. The bad thing is that,
although apparently inactive, my friend told me he was not able
to remove the software following the different procedures
available on the web even if he did not spend so much time in
its removal. So far I can only show the screenshot but he told
me he will give me his device for a deep analaysis (with caution
since it is his work device).
Thinking at this strange encounter, I admit I could not help but
think to Samsung’s official statement concerning Carrier IQ (and
reported by Engadget):

Some Samsung mobile phones do include Carrier
IQ, but it’s very important to note that it’s up to the carrier
to request that Samsung include that software on devices. One
other important point is that Samsung does not receive any
consumer user information from the phones that are equipped with
Carrier IQ.

Since it is up to the carrier to request the software to be
included on Samsung devices, I presume that 3 could have decided
to install it on all the devices for the Italian Market. I
tested the tool on My HTC Desire and Sensation XE (both
belonging to Telecom Italia Mobile) with no result.
Francesco Pizzetti, Italy’s Protection of Personal Data
Guarantor will have a lot to do… meanwhile he opened an
investigation into how Carrier IQ works and is checking Italian
mobile phones to verify where the software is in use.
Mobile devices are more and more becoming inseparable companions
for our personal and professional life, and deadly enemies for
our privacy…